#!/usr/bin/make -f
include /usr/share/dpkg/architecture.mk
include /usr/share/dpkg/default.mk
include /usr/share/dpkg/pkg-info.mk
export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow,+pie
export DEB_CFLAGS_MAINT_APPEND = -fno-strict-aliasing
%:
dh $@ --with apache2,python3
override_dh_auto_configure:
ifeq (hurd, $(DEB_HOST_ARCH_OS))
# hurd does not provided the system calls needed for ntpd to work.
exit 1
endif
# Only build with refclocks NOT slated for removal. See also
# debian/patches/update-refclock-docs.patch. However, if the reason
# for deprecation is only "two digit years", I *am* keeping it.
#
# Upstream references:
# https://www.ntpsec.org/removal-plan.html
# https://www.ntpsec.org/drivers.html
#
# Also drop modem. It "requires a Hayes-compatible 1200bps modem,
# hardware now 20 years obsolete".
#
# gpsd is a tough call. It's not deprecated upstream, and it still can
# work. However, upstream recommends the use of SHM, as does every
# example HOWTO I found with a quick search. Furthermore, it is buggy:
# https://lists.ntpsec.org/pipermail/devel/2016-October/002392.html
# Also, it "makes all sorts of non-standard assumptions about how gpsd
# is configured. A configuration that is contorted and non-obvious":
# https://lists.ntpsec.org/pipermail/devel/2016-October/002422.html
# Most importantly, it is an attractive nuisance. If someone is told
# that the best practice is to use "gpsd", they might logically think
# they should use the gpsd driver. Skipping the gpsd driver also avoids
# using the embedded copy of libjsmn.
#
# We pass LDFLAGS as LINKFLAGS because LINKFLAGS appears first in the
# command line. Debian wants to build with -fPIE for security reasons.
# This is not compatible with building shared libraries like the ntpc
# python extension. If the -fPIE flag comes before -shared (or -fPIC),
# the latter will override, and the build succeeds.
CFLAGS='$(CFLAGS) $(CPPFLAGS)' \
LDFLAGS='' \
LINKFLAGS='$(LDFLAGS)' \
python3 waf configure \
--pyshebang=/usr/bin/python3 \
--prefix=/usr --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
--enable-debug --enable-debug-gdb \
--enable-mssntp --enable-warnings \
--refclock=local,spectracom,generic,arbiter,nmea,pps,hpgps,shm,trimble,jjy,zyfer \
--enable-doc --htmldir=/usr/share/doc/ntpsec/html
override_dh_auto_build:
python3 waf build -v
override_dh_auto_clean:
python3 waf clean || true
rm -rf \
build \
.lock-waf_*_build \
ntpclients/ntp \
ntpd/version.h \
.waf* \
wafhelpers/autorevision.sh
find -name "*.pyc" -delete
override_dh_gencontrol:
dh_gencontrol -pntp -- -v1:4.2.8p15+dfsg-2~$(DEB_VERSION_UPSTREAM_REVISION)
dh_gencontrol -pntp-doc -- -v1:4.2.8p15+dfsg-2~$(DEB_VERSION_UPSTREAM_REVISION)
dh_gencontrol -pntpdate -- -v1:4.2.8p15+dfsg-2~$(DEB_VERSION_UPSTREAM_REVISION)
dh_gencontrol -psntp -- -v1:4.2.8p15+dfsg-2~$(DEB_VERSION_UPSTREAM_REVISION)
dh_gencontrol --remaining-packages
override_dh_install:
python3 waf install --destdir=$(CURDIR)/debian/tmp
mv \
debian/tmp/lib/systemd/system/ntpd.service \
debian/tmp/lib/systemd/system/ntpsec.service
mv \
debian/tmp/lib/systemd/system/ntp-wait.service \
debian/tmp/lib/systemd/system/ntpsec-wait.service
rm -rf debian/tmp/usr/lib/python3/dist-packages/ntp/__pycache__
# ntpfrob probes internal, mostly undocumented settings. It is
# extremely unlikely that anyone needs this.
#
# ntpsnmpd is experimental. If support for it is desired, then
# it can be installed, but it will require some patching of file
# paths to be compliant with Debian best practices. It also needs
# more documentation on how to integrate with snmpd.
#
# From ntpsweep.1, "ntpsweep relies on ntpq and Mode 6 queries to
# probe servers. This depends on the remote host's restrict
# configuration allowing queries. Nowadays effectively all public
# hosts set noquery, so this script is unlikely to be useful unless
# you have multiple specially-configured timeservers on a LAN." The
# default ntp.conf from this package also sets "noquery" (with an
# exception for localhost).
rm \
debian/tmp/usr/bin/ntpfrob \
debian/tmp/usr/bin/ntpsnmpd \
debian/tmp/usr/bin/ntpsweep \
debian/tmp/usr/share/man/man1/ntpsweep.1 \
debian/tmp/usr/share/man/man8/ntpfrob.8 \
debian/tmp/usr/share/man/man8/ntpsnmpd.8
mv \
debian/tmp/usr/bin/ntptime \
debian/tmp/usr/bin/ntpkeygen \
debian/tmp/usr/bin/ntploggps \
debian/tmp/usr/bin/ntplogtemp \
debian/tmp/usr/bin/ntpwait \
debian/tmp/usr/sbin/
install -m 755 \
attic/ntpdate \
debian/tmp/usr/sbin
# Sometimes we get the timestamp from the tarball and sometimes we get
# a more recent timestamp (probably build time?). The latter gets
# clamped to the debian/changelog timestamp when the .deb is built,
# but the tarball timestamp does not (as it is older). This forces
# all the timestamps to be newer so they all get clamped.
find $(CURDIR)/debian/tmp/usr/share/doc/ntpsec/html -type f \
-exec touch {} \+
install -d debian/ntpsec/etc/letsencrypt/renewal-hooks/deploy
install -m 755 \
debian/ntpsec.certbot \
debian/ntpsec/etc/letsencrypt/renewal-hooks/deploy/ntpsec
install -d debian/ntpsec/lib/systemd/system
install -m 644 \
debian/ntpsec.ntpsec-rotate-stats.service \
debian/ntpsec/lib/systemd/system/ntpsec-rotate-stats.service
install -m 644 \
debian/ntpsec.ntpsec-rotate-stats.timer \
debian/ntpsec/lib/systemd/system/ntpsec-rotate-stats.timer
install -d debian/ntpsec-ntpviz/lib/systemd/system
install -m 644 \
etc/ntploggps.service \
etc/ntploggps.timer \
debian/ntpsec-ntpviz/lib/systemd/system/
install -d debian/ntpsec-ntpviz/etc/ntpviz/day
install -m 644 www/day/footer \
debian/ntpsec-ntpviz/etc/ntpviz/day/footer.html
install -m 644 www/day/header \
debian/ntpsec-ntpviz/etc/ntpviz/day/header.html
install -m 644 www/index.html \
debian/ntpsec-ntpviz/etc/ntpviz/index.html
install -m 644 debian/ntpviz.options \
debian/ntpsec-ntpviz/etc/ntpviz/options
install -d debian/ntpsec-ntpviz/etc/ntpviz/week
install -m 644 www/week/footer \
debian/ntpsec-ntpviz/etc/ntpviz/week/footer.html
install -m 644 www/week/header \
debian/ntpsec-ntpviz/etc/ntpviz/week/header.html
install -d debian/ntpsec-ntpviz/usr/share/ntpsec-ntpviz/ntpviz
install -m 644 \
www/favicon.ico \
www/ntpsec-logo.png \
debian/ntpsec-ntpviz/usr/share/ntpsec-ntpviz/ntpviz
install -D -m 0755 debian/ntpdate-debian \
debian/ntpsec-ntpdate/usr/sbin/ntpdate-debian
install -D -m 0644 debian/ntpsec.dhcp \
debian/ntpsec/etc/dhcp/dhclient-exit-hooks.d/ntpsec
install -D -m 0755 debian/ntpsec.networkmanager \
debian/ntpsec/etc/NetworkManager/dispatcher.d/ntpsec
install -D -m 0644 debian/ntpsec-ntpdate.dhcp \
debian/ntpsec-ntpdate/etc/dhcp/dhclient-exit-hooks.d/ntpsec-ntpdate
install -D -m 0755 debian/ntpsec-ntpdate.networkmanager \
debian/ntpsec-ntpdate/etc/NetworkManager/dispatcher.d/ntpsec-ntpdate
install -D -m 0644 debian/ntpsec-systemd-netif.path \
debian/ntpsec/lib/systemd/system/ntpsec-systemd-netif.path
install -D -m 0644 debian/ntpsec-systemd-netif.service \
debian/ntpsec/lib/systemd/system/ntpsec-systemd-netif.service
ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes))
install -D -m 0644 debian/ntp.conf.ubuntu debian/ntpsec/etc/ntpsec/ntp.conf
else
install -D -m 0644 debian/ntp.conf debian/ntpsec/etc/ntpsec/ntp.conf
endif
install -D -m 0644 debian/ntpviz.conf \
debian/ntpsec-ntpviz/etc/ntpsec/ntp.d/ntpviz.conf
# install apparmor profile
install -D -m 0644 debian/apparmor-profile \
debian/ntpsec/etc/apparmor.d/usr.sbin.ntpd
install -D -m 0644 debian/apparmor-profile.tunable \
debian/ntpsec/etc/apparmor.d/tunables/ntpd
dh_link -pntpsec etc/apparmor.d/usr.sbin.ntpd \
etc/apparmor/init/network-interface-security/usr.sbin.ntpd
# install apport hook
install -D -m 644 debian/source_ntpsec.py \
debian/ntpsec/usr/share/apport/package-hooks/source_ntpsec.py
dh_link
dh_install
override_dh_installinit-arch:
dh_installinit -pntpsec --error-handler=installinit_error
dh_installinit -pntpsec-ntpviz --name=ntpviz
dh_installinit -pntpsec-ntpdate
ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes))
install -m 644 debian/ntpsec-ntpdate.default.ubuntu \
debian/ntpsec-ntpdate/etc/default/ntpsec-ntpdate
endif
dh_apparmor --profile-name=usr.sbin.ntpd -pntpsec
override_dh_installsystemd:
dh_installsystemd -pntpsec \
ntpsec.service \
ntpsec-systemd-netif.path \
ntpsec-rotate-stats.timer
dh_installsystemd -pntpsec-ntpviz \
ntploggps.timer \
ntplogtemp.timer \
ntpviz-daily.timer \
ntpviz-weekly.timer
override_dh_makeshlibs:
# This avoids an unnecessary trigger of ldconfig. libntpc.so is not
# installed in a system library path.
dh_makeshlibs -n